Report available for WASCs Distributed Open Proxy Honeypot Project

“This project will use one of the web attacker's most trusted tools against him - the Open Proxy server. Instead of being the target of the attacks, we opt to be used as a conduit of the attack data in order to gather our intelligence. By deploying multiple, specially configured open proxy server (or proxypot), we aim to take a birds-eye look at the types of malicious traffic that traverse these systems. The honeypot systems will conduct real-time analysis on the HTTP traffic to categorize the requests into threat classifications outlined by the Web Security Threat Classification and report all logging data to a centralized location.”

That’s right the ability to view, analyze and measure real-live web attacks. Ryan has put a lot of work in and coordinated proxies in 7 locations around the world (Moscow, Russia - Crete, Greece – Karlsruhe, Germany – San Francisco, USA – Norfolk, USA – Falls Church USA – Foley USA). Time to start migrating away from the theoretical or hypothesized conversation about what the “bad guys” might be doing. Here is a taste of attacks found in the wild:

Obviously the more sensors that are available, the more chance of juicy data we can capture and the group is already set to grow. And as Ryan notes in the report, there is a lot of interesting and challenging aspects to this project that could really use some good people to solve. If you would like to contribute to this project, please contact Ryan Barnett RCBarnett_-at-_gmail.com.

No comments:

About Me

Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events including many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!